Tech Line

Profile Migration Meltdown

ADMT is a lifesaver for nearly all migration tasks.

Chris: I have been asking for new computers where I work to build a new domain, because the current domain has so many problems and is also tied to a company name twice removed. I have created the two new domain controllers and now face the task of moving my users to the new domain. Ordinarily that wouldn't be such a task. I can create the new user IDs, etc. but where I become confused is keeping the existing user profile on their desktop/laptops when they move to the new domain. It appears the new domain will create a new user on the desktop/laptop and the user won't have access to their pre-existing profile from the old domain.

How can I easily move these users to the new domain while keeping their same local profile?
— Brian

 

Tech Help—Just An
E-Mail Away

Got a Windows, Exchange or virtualization question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to the MCPmag.com editors at mailto:editor@mcpmag.com; the best questions get answered in this column and garner the questioner with a nifty MCPmag.com baseball-style cap.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message, but submit the requested information for verification purposes.)

Brian, you're describing a problem that many of us involved in migrations have had to deal with. Many shops that had dozens of NT domains often consolidated to one or just a few Active Directory domains during the migration process. With this in mind, allowing users to retain their profile data both pre- and post-migration is extremely important.

If you get paid by the hour, the best solution for you would be to do everything manually (copy the profile folders and rename as needed, then assign appropriate permissions for the accounts in the new domain). For the rest of us IT suckers that are paid by salary, I suggest using the Active Directory Migration Tool (ADMT).

The ADMT installation files are included on the Windows Server 2003 setup CD in the i386\admt folder. For your specific scenario, ADMT should be installed on a server in the target domain. This can be done by running admigration.msi from the i386\admt folder on the Windows set-up CD. Once you launch the program, just accept all set-up defaults and keep clicking Next until setup completes. Note that you can also download the ADMT here.

At this point, you should see the ADMT in the Administrative Tools folder on the server. Prior to running ADMT, you will need to ensure that ADMT's prerequisite permissions are met. You'll find information on satisfying the ADMT prerequisites in Microsoft Knowledge Base article 326480, "How to use Active Directory Migration Tool version 2 to migrate from Windows 2000 to Windows Server 2003." In your instance, you will need to ensure that the following conditions are satisfied:

  • A trust relationship is created so that the source domain trusts the target domain
  • The account used by ADMT has Administrator rights in the source domain, and Administrator rights on each computer that you migrate.

With the ADMT installed, existing profiles can be translated to match the new domain by opening the ADMT and selecting Security Translation Wizard from the Action menu. For details on the steps involved using ADMT for this purpose, take a look at the online Windows Server 2003 Deployment Kit article Remigrating User Accounts and Workstations in Batches. This article does such a great job outlining the necessary steps that I see no need to waste any of your time reading some of my additional babble.

While I have armed you with the tools you can use to to solve your problem, I also strongly recommend that you read the Windows Server 2003 Deployment Kit book Designing and Deploying Directory and Security Services chapter "Restructuring Active Directory Domains Between Forests." In this chapter, you will see step-by-step procedures of the complete migration process along with methods for migrating user accounts and profiles via the ADMT command line tool and via scripts. Every administrator that I have worked with that has been a part of any large Active Directory migration project has sworn up and down about how they couldn't have gotten by without ADMT.

Taking so much information from Microsoft and giving back so little has put a damper on my Christmas spirit. Perhaps to solve this, we should all send Bill Gates a check this holiday season to show our gratitude!

Of course, it's probably a good bet that some of you may not be feeling the "Microsoft love" this holiday season. If you've run into any specific problems with ADMT, I'm sure your fellow readers would love to hear about your troubles and what you did to solve them. If you're still in a giving sort of mood, please post your ADMT war story as a comment to this article.

Happy holidays!

About the Author

Chris Wolf is a Microsoft MVP for Windows --Virtual Machine and is a MCSE, MCT, and CCNA. He's a Senior Analyst for Burton Group who specializes in the areas of virtualization solutions, high availability, storage and enterprise management. Chris is the author of Virtualization: From the Desktop to the Enterprise (Apress), Troubleshooting Microsoft Technologies (Addison Wesley), and a contributor to the Windows Server 2003 Deployment Kit (Microsoft Press).learningstore-20/">Troubleshooting Microsoft Technologies (Addison Wesley) and a contributor to the Windows Server 2003 Deployment Kit (Microsoft Press).

comments powered by Disqus

SharePoint Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.